Judge Says FTC Can Sue Over Poor Data Security

, Corporate Counsel


In a case being closely watched by general counsel, a federal judge ruled the Federal Trade Commission has authority to take legal action against companies that have faulty consumer data security.

What's being said

  • not available

    Actually, the FTC issued data security guidance for businesses in 2011 and 2012. The 2011 guidance is a document titled Protecting Personal Information – A Guide for Business. http://goo.gl/zKrnrA The FTC cited that guide in its March 2012 report on Protecting Consumer Privacy in an Era of Rapid Change in the section discussing the obligation of businesses to provide “reasonable” data security for consumer information. http://goo.gl/OkawYw

    For example, 2011 FTC guidance includes the statements:

    Regular email is not a secure method for sending sensitive data. The better practice is to encrypt any transmission that contains information that could be used by fraudsters or identity thieves.

    Encrypt sensitive information that you send to third parties over public networks (like the Internet), and consider encrypting sensitive information that is stored on your computer network or on disks or portable storage devices used by your employees. Consider also encrypting email transmissions within your business if they contain personally identifying information.

    In other words, the FTC has said that businesses should use email encryption in order to provide “reasonable” data security for sensitive consumer data.

Comments are not moderated. To report offensive comments, click here.

Preparing comment abuse report for Article# 1202650394926

Thank you!

This article's comments will be reviewed.